DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=31302>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=31302 suexec doesn't execute commands if they're not in the current dir ------- Additional Comments From [EMAIL PROTECTED] 2004-09-20 01:20 ------- I've figured this out writting such patch: -- FILE START -- --- os/unix/unixd.c.orig Mon Sep 20 04:09:08 2004 +++ os/unix/unixd.c Mon Sep 20 04:09:27 2004 @@ -308,15 +308,7 @@ return apr_proc_create(newproc, progname, args, env, attr, p); } - argv0 = ap_strrchr_c(progname, '/'); - /* Allow suexec's "/" check to succeed */ - if (argv0 != NULL) { - argv0++; - } - else { - argv0 = progname; - } - + argv0 = progname; if (ugid->userdir) { execuser = apr_psprintf(p, "~%ld", (long) ugid->uid); -- FILE END -- what was that check for? security feature to avoid running external programs? If so they can be executed anyway under the same permissions directly from the program executed from the current dir. I guess it was unusual. Please comment. Thanks. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
